Update sysmon_susp_office_kerberos_dll_load.yml

This commit is contained in:
Antonlovesdnb 2020-02-19 14:51:50 -05:00 committed by GitHub
parent 1f01fe446f
commit 328858279f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -5,9 +5,9 @@ description: Detects Kerberos DLL being loaded by an Office Product
references:
- https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16
author: Antonlovesdnb
date: 2019/12/26
date: 2020/02/19
tags:
- attack.initial.access
- attack.initial_access
- attack.t1193
logsource:
product: windows